ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure
Title: ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure
Advisory ID: ZSL-2020-5600
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information
Risk: (4/5)
Release Date: 18.10.2020
7.0.2.4954
6.5.2.4954
6.4.2.4681
6.3.2.4203
2.0.1.823
ReQuest Serious Play® OS v6.0.0
Debian GNU/Linux 5.0
Linux 3.2.0-4-686-pae
Linux 2.6.36-request+lenny.5
Apache/2.2.22
Apache/2.2.9
PHP/5.4.45
PHP/5.2.6-1
[16.08.2020] Vendor contacted.
[17.10.2020] No response from the vendor.
[18.10.2020] Public security advisory released.
[2] https://exchange.xforce.ibmcloud.com/vulnerabilities/190032
[3] https://www.exploit-db.com/exploits/48950
[20.10.2020] - Added reference [1]
[26.10.2020] - Added reference [2] and [3]
Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2020-5600
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information
Risk: (4/5)
Release Date: 18.10.2020
Summary
F3 packs all the power of ReQuest's multi-zone serious Play servers into a compact powerhouse. With the ability to add unlimited NAS devices, the F3 can handle your entire family's media collection with ease.Description
The unprotected web management server is vulnerable to sensitive information disclosure vulnerability. An unauthenticated attacker can visit the message_log page and disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device.Vendor
ReQuest Serious Play LLC - http://www.request.comAffected Version
7.0.3.4968 (Pro)7.0.2.4954
6.5.2.4954
6.4.2.4681
6.3.2.4203
2.0.1.823
Tested On
ReQuest Serious Play® OS v7.0.1ReQuest Serious Play® OS v6.0.0
Debian GNU/Linux 5.0
Linux 3.2.0-4-686-pae
Linux 2.6.36-request+lenny.5
Apache/2.2.22
Apache/2.2.9
PHP/5.4.45
PHP/5.2.6-1
Vendor Status
[01.08.2020] Vulnerability discovered.[16.08.2020] Vendor contacted.
[17.10.2020] No response from the vendor.
[18.10.2020] Public security advisory released.
PoC
request_log.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] https://packetstormsecurity.com/files/159598/[2] https://exchange.xforce.ibmcloud.com/vulnerabilities/190032
[3] https://www.exploit-db.com/exploits/48950
Changelog
[18.10.2020] - Initial release[20.10.2020] - Added reference [1]
[26.10.2020] - Added reference [2] and [3]
Contact
Zero Science LabWeb: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk